playbooks/roles/vhosts/acp_server_codex/tasks/install.yml

---
- name: Install Codex ACP packages
  ansible.builtin.apt:
    name: "{{ acp_codex_packages }}"
    state: present
    update_cache: true
  environment:
    DEBIAN_FRONTEND: noninteractive
    APT_LISTCHANGES_FRONTEND: none
  become: true
  when:
    - acp_codex_packages | default([]) | length > 0

- name: Ensure Caddy conf directory exists
  ansible.builtin.file:
    path: "{{ acp_codex_caddy_conf_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Detect UFW binary for Codex ACP
  ansible.builtin.stat:
    path: /usr/sbin/ufw
  register: acp_codex_ufw_binary

- name: Open HTTP and HTTPS ports when UFW is enabled
  ansible.builtin.command: ufw allow 80/tcp
  register: acp_codex_ufw_80
  changed_when: "'Rule added' in acp_codex_ufw_80.stdout"
  failed_when: acp_codex_ufw_80.rc != 0
  when:
    - acp_codex_enable_ufw | bool
    - acp_codex_ufw_binary.stat.exists | default(false)

- name: Open HTTPS port when UFW is enabled
  ansible.builtin.command: ufw allow 443/tcp
  register: acp_codex_ufw_443
  changed_when: "'Rule added' in acp_codex_ufw_443.stdout"
  failed_when: acp_codex_ufw_443.rc != 0
  when:
    - acp_codex_enable_ufw | bool
    - acp_codex_ufw_binary.stat.exists | default(false)